Is force_redirect needed for Letsencrypt?

Richard G

Richard G

Verified User
Joined
Jul 6, 2008
Messages
14,187
Location
Maastricht
I found this in the help section.

echo "force_hostname=your.hostname.com" >> directadmin.conf
echo "ssl_redirect_host=your.hostname.com" >> directadmin.conf
Click to expand...

However, if I use these both, on certain scripts de http referer is not correct anymore and they won't load.
If I use a user level Letsencrypt certificate, on visiting https://www.userdomain.com:2222 it will automatically redirect to https://server.myhostname.nl:2222 which I don't want.

Can it harm to delete both those lines so this won't happen and no redirect's are made?
 
Yes, are not needed as default, those just redirect each user to a specific host if you want that, otherwise they just will not get redirected.

I'm not using them either :)

That's it :)

Best regards
 
Hey,

Directadmin as of now does not support multiple certs (to access its own interface on port :2222), so if you use Directadmin over HTTPS and don't want to see warnings about domain miss-match in a SSL certificate you are highly advised to use the both directives in directadmin.conf:

Code: 
force_hostname=your.hostname.com
ssl_redirect_host=your.hostname.com

As for the scripts which do not load... they should be investigated additionally.
 
Directadmin as of now does not support multiple certs (to access its own interface on port :2222),
Click to expand...
Oke, but in that case have a look here:
https://help.directadmin.com/item.php?id=629

I would suggest to improve this text to give a better explanation, because now we get the wrong impression about this:
To fully enable the LetsEncrypt feature so that DA will auto-renew the cert, and so clients can create their own certficates for their domain, also add:
Click to expand...
Maybe add there "except for the DA interface" or something? Beacuse otherwise the impression is that users also can visit 2222 via https without any other adjustments.

As for the scripts which do not load... they should be investigated additionally.
Click to expand...
That had to do with a http referer line:
Undefined index: HTTP_REFERER in line xx etc.

This referer looks like this:
Code: 
$_SESSION['referer'] = $_SERVER['HTTP_REFERER'];
I guess it does not like either one of those lines which should be added.

This worries me because maybe other customers have some older scripts which could also stop loading when I put those 2 lines back in.
 
I was talking about the fact to not use those options, and allow each user to have their own access to the panel (ex. cp.example.com)
You can request the certificate for cp.example.com (once you created the require templates and used rewrite_confs).

Yes,the uer can access port 2222 directly, unless you decide to block it via firewall for example (or even change it)

At the current moment my setup is:
Each domain have the host directadmin.domain.com
On the virtulahost point of vie is set this way:
http redirect to https (excluding /.well_known for certificate purposes)
https proxypass to server-hostname:2222

So it means, that if you are my customer, and you've got the domain example2.com, you can either go to directadmin.crazynetwork.it (so, central access page for all the panel, not yet implemented but that's the goal) or go to directadmin.example2.com and log into DA.

This way, i may decide to not even use port 2222, none of my users use that anywa, because the welcome email has been customized to have as CP URL: directadmin.|DOMAIN|

I hope i'd explained a little better :)

Best regards
 
My reply was directed to ZeiTeR Sellerone.

But thank you for the additional explanation of your tip. I know what your mean and the possibilities.
That's very nice, but in fact I only wanted SSL for the email for users. Now they can get ssl for http and ftp too, that's just a nice benefit.
My customers almost never use the DA panel after initial setup. So if they want to visit the panel, they just have to use the "old" http way on port 2222.:)
 
You must log in or register to reply here.
Back
Top